Method of manufacturing smart cards

ABSTRACT

A smartcard (1) has a memory (2) comprising a ROM portion (3) and an EEPROM portion (4). A first type of data which will be required throughout the life of smartcard (1) is stored in ROM portion (3). A second type of program data which is to be used a predetermined number of times early on in the life of smartcard (1) is stored in EEPROM portion (4). Generally, the second type of data is stored in at least one lower memory address portion (8) of EEPROM (4). The second type of program data is moved from its lower memory address portion in EEPROM (4) to a higher memory address portion (9) for execution. The data is then deleted from higher memory address portion (9).

TECHNICAL FIELD

The present invention relates to a method of manufacturing smartcards and smartcards produced therefrom and, in particular, to a method of manufacturing smartcards so as to more efficiently employ memory that is provided on the cards.

The invention is being developed primarily for use in the manufacturing of smartcards and will be described hereinafter with reference to this application. However, it will be appreciated that the invention is not limited to this particular field of use.

BACKGROUND ART

Smartcards are being used more and more in everyday life, for example, in automated vehicle tolling systems and cellular telephones. When a smartcard is manufactured, it must be enabled and then personalised prior to dispensing the cards to a user.

Smartcards are generally provided with two types of memory that can be used to store executable programmes. The first type of memory is read only memory (ROM) which is programmed at the time of manufacturing and subsequently cannot be erased or altered. The second type of memory is generally some form of modifiable non-volatile memory which can be read from and written to during the life of the card.

It is a common approach when manufacturing smartcards to place those parts of the application that will never be changed into the card's ROM and use the modifiable memory for data or executable applications that may change during the life of the card. The capacity of ROM and modifiable memory is limited so it is desirable to maximise the efficiency of its use to optimise the card's intended application or applications. Accordingly, any means of more efficiently using the memory on the smartcards will provide an advantageous result. Previous solutions to the problem of having insufficient memory means on smartcards have been proposed, however, these primarily relate to more complex methods of writing data to ROM. For example, EP0275510 (IBM) discloses smartcards having memory means, the cards being manufactured such that the memory means is at least partially unused or altogether without application programmes loaded into the ROM. The citation allows appropriate application programmes to be loaded into the ROM at a later stage.

The disclosure provides this such that when the card is manufactured it is provided with a bootstrap program which allows subsequent applications to be later loaded and stored in the ROM. This provides an advantage of allowing parallel manufacture of the cards and development of the software because, traditionally, software had to be completely developed and tested before storing in ROM, since ROM could not be altered. This resulted in the need to discard the smartcard if an error had occurred or changes to an application program needed to be made.

U.S. Pat. No. 5,960,082 (Haenel) is directed toward the creation of a flexible means for the post initialisation of chipcards which provides for more cost effective production. The patent provides for the writing of additional applications onto the chipcard at any point in time after the conclusion of initialisation, whereby commands and keys which already exist on the chip are utilised therefor. Primarily, the citation is directed toward loading key data into non-volatile memory.

The disclosure of U.S. Pat. No. 5,214,409 (Beigel) relates to cooperative identification systems in which the identifying agency and the object to be identified cooperate in the identification process according to a prearranged scheme. The patent employs programmable ROMs (in a transponder/tag device) that are programmed either by the manufacturer or by the user prior to implantation of objects to be identified. Communication between the tag and a reader is accomplished by the reader establishing a reversing magnetic field in the vicinity of the tag and the tag varying its absorption of power from the field in accordance with the information to be transmitted.

It is an object of the present invention to provide a method for manufacturing smartcards and the cards produced therefrom that will enable more efficient use of smartcard memory means.

SUMMARY OF THE INVENTION

According to a first aspect of the invention there is provided a method for manufacturing a smartcard having a memory means, the method including the steps of:

storing program data of a first type which will be required throughout the life of the card in a read only memory portion of the memory means;

storing program data of a second type which will not be required throughout the life of the card in a modifiable portion of the memory means; and

wherein the program data types are stored in their respective memory portions at the card manufacturing stage and the second type of program data is deleted once it has been employed.

Preferably, when employing the second type of program data, the method further includes the steps of storing this data into a first part of the modifiable memory portion such that when it is called for, it is moved from the first part of the modifiable memory portion to a latter part of the modifiable memory portion and executed. Subsequent to the execution of the data, it is deleted from the modifiable memory means.

Even more preferably, the second type of data is used once for the process of verifying the authenticity of the card subsequent to manufacturing, the method further includes the step of verifying authenticity of the card in the process of enabling the card wherein once the data in this step has been employed, the second type of data is deleted from the modifiable memory portion of the card.

According to a second aspect of the invention there is provided a method for manufacturing a multi-application smartcard having a memory means, the method including the steps of:

storing program data of a first type for each application which will be required throughout the life of the card in respective read only memory portions of the memory means;

storing program data of a second type for each application which will not be required throughout the life of the card in respective modifiable portions of the memory means; and

wherein the program data types for each application are stored in their respective memory portions at the manufacturing stage of the card and the respective parts of the second type of program data for each application are deleted once employed.

Preferably, when employing the second type of program data for each application, the method further includes the steps of storing the data for one or more applications into a first part of the modifiable memory portion such that when it is called for, it is moved from the first part of the modifiable memory portion to a latter part of the modifiable memory portion and executed. Subsequent to the execution of this data, the respective second type of data for the one or more applications is deleted from the modifiable memory means.

Preferably, the second type of program data is data employed only by an operating system on the smartcard.

In alternative embodiments, the respective second type of data is used once for the process of verifying the authenticity of the card subsequent to manufacturing and the method further includes the step of verifying the authenticity of the card in the process of enabling the card wherein once the data in this step has been employed, the respective second type of data is then deleted from the modifiable memory portion of the card.

Preferably, both portions of the card's memory include respective portions of a multi-application operating system (for example MULTOS) and the step of verifying the authenticity of the card is executed by means of a command in the form of CHECKDATA, the command being of the second type of application program data and stored in the modifiable portion of the memory. Also preferably, the step of providing personalised data to the card enables the card for use and is executed by means of a command in the form of SET MSM CONTROLS, the command being of the second type of application program data. Subsequently, the data employed in this step and the step of verifying the card is deleted after its execution.

According to another aspect of the invention there is provided a smartcard having a memory means, the smartcard including:

a processing means;

a read only portion of memory in communication with the processor;

a modifiable portion of memory in communication with the processor;

input and output means on the card in communication with the processor and being externally accessible; and

wherein program data of a first type corresponding to data which will be required throughout the card's life is stored in the read only portion of the memory and program data of a second type corresponding to data which will not be required throughout the card's life is stored in the modifiable portion of the memory such that once the second type of data has been employed, it is deleted.

Preferably, the second type of data is moved from a first part of the modifiable memory portion to a second part of this memory portion when it is required and deleted from the second part of the modifiable memory portion subsequent to execution. In alternative embodiments, the second type of data is employed only once during the life of the smartcard.

It is the case that there are certain portions of a smartcard's application that may only be used during the early stages of the card's life. For example, card activation data which is used only once prior to the loading of any application software or personalisation data.

Preferably also, the smart card includes a MULTOS operating system and the card is authenticated by employing a checkdata command stored in the modifiable portion of the memory means such that once executed it is moved from the first portion of the modifiable memory means to a second portion of the modifiable memory means and, once the card is authenticated, that data in the second portion of the modifiable memory means is deleted.

More preferably, the smart card is personalised after being authenticated by employing a Set MSM Controls command stored in the modifiable portion of the memory means such that when executed it is moved from the first portion of the modifiable memory means to the second portion of the modifiable memory means and, once the card is personalised, that data in the second portion of the modifiable memory means is deleted.

Once this early phase is completed, that portion of executed application code will never be required again. Therefore, it is disadvantageous to place this code into the card's ROM where once written and executed it must remain such that it is effectively occupying ROM memory space that may be better used by other applications and/or data.

Therefore, rather than placing application code into the ROM of a smartcard, it would be advantageous to place the code in its non-volatile memory at manufacturing so that once the code has been employed for its required purpose early in the card's life, it can be erased from the area of non-volatile memory that it occupied and so free up that memory for future use. This would reduce the amount of required ROM memory which could be used for other purposes.

The method and smartcards produced therefrom advantageously provide an extra level of security wherein once a card is enabled and personalised, it cannot be re-enabled or re-personalised by unauthorised parties because the data required in these processes is deleted from the smartcard's memory after it is executed.

BRIEF DESCRIPTION OF THE DRAWINGS

Preferred embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawing in which:

FIG. 1 is a block diagram view of a smartcard according to the invention;

FIG. 2 is a flow chart illustrating a method for manufacturing smartcards according to the invention; and

FIG. 3 is a block diagram view of a multi-application smartcard according to the invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS OF THE INVENTION

Referring to FIG. 1 there is illustrated a schematic diagram of a smartcard (1). Smartcard (1) includes memory means (2) having a non-volatile portion (3) in the form of read-only memory (ROM) and a modifiable non-volatile portion (4) in the form of an EEPROM.

Smartcard (1) further includes processing means (5) in the form of a CPU which is in communication with each portion (3) and (4) of memory means (2). Smartcard (1) further includes an input (6) and an output (7) in the form of externally accessible electrical contacts which are in communication with processor (5).

Smartcard (1) is configured so that a first type of data corresponding to that which will be required throughout the life of smartcard (1) is stored in ROM memory (3). A second type of program data which is to be used a predetermined number of times early on in the life of smartcard (1) is stored in modifiable memory portion (4). Generally, the second type of data is stored in at least one lower memory address portion (8) of modifiable memory portion (4) and the second type of program data is only to be employed once throughout the life of the smartcard.

When the second type of program data is called for execution, it is moved from its lower memory address portion in modifiable memory (4) to a higher memory address portion (9). The data is then deleted from higher memory address portion (9). Therefore, this second type of program data is removed from memory after execution so as to allow future use of the modifiable memory portion (4) to be optimised. However, in some embodiments of the invention the step of moving the second type of data stored in lower memory address portion (8) of modifiable memory portion (4) to higher memory address portion (9) is not required. This method is broadly illustrated in flow chart form in FIG. 2.
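The move, execute and delete sequence described above can be illustrated with a small host-side simulation. This is an added example, not code from the patent or from MULTOS: the slot layout, the erased-cell value 0xFF, the OP_CHECK opcode and all function names are assumptions, and "execution" is modelled as comparing an input against a value stored in the routine. The sketch treats any invocation as "employed", so the data is erased even when the input is rejected.

```c
/* Added illustration: host-side simulation of a one-time EEPROM routine. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EEPROM_SIZE 64
#define SLOT_SIZE   16
#define LOW_BASE    0                         /* lower address portion (8)  */
#define HIGH_BASE   (EEPROM_SIZE - SLOT_SIZE) /* higher address portion (9) */
#define ERASED      0xFF                      /* assumed erased-cell value  */
#define OP_CHECK    0xC1                      /* constructed opcode         */

enum { RUN_OK = 0, RUN_REJECTED = 1, RUN_GONE = -1 };

typedef struct {
    uint8_t eeprom[EEPROM_SIZE];
    int enabled;
} card_t;

/* Manufacturing stage: store the one-time routine in the lower portion. */
int card_manufacture(card_t *c, const uint8_t *expected, uint8_t len)
{
    if (len > SLOT_SIZE - 2)
        return -1;
    memset(c->eeprom, ERASED, sizeof c->eeprom);
    c->enabled = 0;
    c->eeprom[LOW_BASE] = OP_CHECK;
    c->eeprom[LOW_BASE + 1] = len;
    memcpy(&c->eeprom[LOW_BASE + 2], expected, len);
    return 0;
}

int slot_is_erased(const card_t *c, size_t base)
{
    for (size_t i = 0; i < SLOT_SIZE; i++)
        if (c->eeprom[base + i] != ERASED)
            return 0;
    return 1;
}

/* Toy "execution": compare the input with the value stored in the routine. */
static int execute_at(const card_t *c, size_t base, const uint8_t *in, uint8_t n)
{
    const uint8_t *r = &c->eeprom[base];
    uint8_t diff = 0;
    if (r[0] != OP_CHECK || r[1] != n)
        return 0;
    for (uint8_t i = 0; i < n; i++)
        diff |= (uint8_t)(r[2 + i] ^ in[i]);
    return diff == 0;
}

/* Move low -> high, execute from high, then erase. Assumption of this sketch:
 * any invocation counts as "employed", so a rejected input also erases. */
int card_run_once(card_t *c, const uint8_t *in, uint8_t n)
{
    if (c->eeprom[LOW_BASE] != OP_CHECK)
        return RUN_GONE;                      /* already used and deleted */
    memcpy(&c->eeprom[HIGH_BASE], &c->eeprom[LOW_BASE], SLOT_SIZE);
    memset(&c->eeprom[LOW_BASE], ERASED, SLOT_SIZE);
    int ok = execute_at(c, HIGH_BASE, in, n);
    memset(&c->eeprom[HIGH_BASE], ERASED, SLOT_SIZE);
    if (ok)
        c->enabled = 1;
    return ok ? RUN_OK : RUN_REJECTED;
}

int main(void)
{
    card_t c;
    const uint8_t value[4] = { 0x12, 0x34, 0x56, 0x78 }; /* constructed */
    card_manufacture(&c, value, 4);
    printf("first run:  %d\n", card_run_once(&c, value, 4));
    printf("second run: %d\n", card_run_once(&c, value, 4));
    printf("low erased: %d, high erased: %d\n",
           slot_is_erased(&c, LOW_BASE), slot_is_erased(&c, HIGH_BASE));
    return 0;
}
```

A second call returns RUN_GONE because both portions read back as erased, which is the property the description relies on to prevent re-enabling.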

In some other preferred embodiments, not illustrated, the second type of program data is data employed only by an operating system on the smartcard.

Smartcard (1) may also be employed as a multi-application smartcard. A dual application smartcard is shown in FIG. 3, however, it will be appreciated that any number of applications may be employed on the card.

In multi-application cases, respective first types of data corresponding to those which will be required throughout the life of smartcard (1) are stored in respective ROM memory (3) portions (10) and (11). Respective second types of program data which are to be used a predetermined number of times early on in the life of smartcard (1) are stored in respective modifiable memory (4) portions (12) and (13). Generally, the second type of data for each application is stored in respective lower memory address portions (12a) and (13a).

When the second type of program data for respective applications is called for execution, it is moved from its respective lower memory address portions (12a) and (13a) to respective higher memory address portions (12b) and (13b) in modifiable memory portions (12) and (13). The data is then deleted from the higher memory address portions (12b) and (13b). As with a single application smartcard described above, in some embodiments of the invention the step of moving the respective second type of data stored in lower memory address portions (12a) and (13a) of modifiable memory portions (12) and (13) to higher memory address portions (12b) and (13b) is not required.

Referring still to FIG. 3, smartcard (1) includes a multi-application operating system (MULTOS). Respective second types of program data are stored in modifiable memory portions (12a) and (13a) and, when called for execution, they are moved to respective higher memory address portions (12b) and (13b) and executed. After being executed, the respective second types of program data are deleted from higher address memory portions (12b) and (13b), thereby freeing up these portions of memory for later use.

The smartcard (1) is manufactured so that it is configured to be enabled for use subsequent to the early stages of manufacturing. At this stage, both portions of the smartcard's memory (10) and (12) and (11) and (13) respectively include respective portions of the operating system wherein memory portions (12) and (13) each include respective program data of the second type that are used in the authentication of smartcard (1).

In this MULTOS embodiment, the step of enabling smartcard (1) is executed only once by means of a command in the form of CHECKDATA stored in modifiable memory portion (12a). Once this data is called for execution, it is moved from memory portion (12a) to memory portion (12b) wherein it is executed. Once the card has been enabled, smartcard (1) is configured to receive personalised data indicative of the user of the smartcard. The step of personalising smartcard (1) is executed only once by means of a command in the form of MSM SETCONTROLS stored in modifiable memory portion (13a). Once this data is called for execution, it is moved from memory portion (13a) to memory portion (13b) wherein it is executed. Subsequently, the used data is deleted from memory portions (12b) and (13b) thereby freeing up memory portions (12a), (12b), (13a) and (13b) for future use. Although the data of the CHECKDATA or MSM SETCONTROLS commands is deleted after execution of both commands, in other embodiments of the invention, the data of either of the CHECKDATA or MSM SETCONTROLS commands may be employed two or more times before being deleted from the modifiable portion of the memory.

At this stage, the card is ready to be further personalised by those providing the smartcards to an end user, however, the step of enabling and personalising smartcard (1) cannot be re-executed because the second types of program data employed in this procedure have been deleted after their respective execution.

Although the invention has been described with reference to specific embodiments of the invention, it will be appreciated by those skilled in the art that it may be embodied in many other forms.

1. A method for manufacturing a smartcard having a memory means, the method including the steps of: storing program data of a first type which will be required throughout the life of the card in a read only memory portion of the memory means; storing program data of a second type which will not be required throughout the life of the card in a modifiable portion of the memory means; and in which the program data types are stored in their respective memory portions at the card manufacturing stage and the second type of program data is deleted once it has been employed.

2. A method for manufacturing a smartcard as claimed in claim 1 which method further including the step of: storing the second type of program data into a first part of the modifiable memory portion such that when it is called for, it is moved from the first part of the modifiable memory portion to a latter part of the modifiable memory portion and executed.

3. A method for manufacturing a smartcard as claimed in claim 1 in which the second type of data is used once for the process of verifying the authenticity of the card subsequent to manufacturing.

4. A method for manufacturing a smartcard as claimed in claim 3, in which: the verifying of the authenticity of the card takes place in the process of enabling the card, and once the second type of data has been used in the process of verifying the authenticity of the card, it is deleted from the modifiable memory portion of the card.

5. A method for manufacturing a multi-application smartcard having a memory means, the method including the steps of: storing program data of a first type for each application which will be required throughout the life of the card in respective read only memory portions of the memory means; storing program data of a second type for each application which will not be required throughout the life of the card in respective modifiable portions of the memory means; and in which the program data types for each application are stored in their respective memory portions at the manufacturing stage of the card and the respective parts of the second type of program data for each application are deleted once employed.

6. A method for manufacturing a smartcard as claimed in claim 5, further including the step of storing the second type of program data for one or more applications into a first part of the modifiable memory portion such that when it is called for, it is moved from the first part of the modifiable memory portion to a latter part of the modifiable memory portion and executed.

7. A method of manufacturing a smartcard as claimed in claim 5 in which the second type of program data is data employed only by an operating system on the smartcard.

8. A method of manufacturing a smartcard as claimed in claim 5, in which the respective second type of data is used once for the process of verifying the authenticity of the card subsequent to manufacturing.

9. A method for manufacturing a smartcard as claimed in claim 8 in which: the verifying of the authenticity of the card takes place in the process of enabling the card; and once the respective second type of data has been used in the process of verifying the authenticity of the card, it is then deleted from the modifiable memory portion of the card.

10. A method for manufacturing a smartcard as claimed in claim 5 in which both the read only and modifiable portions of the card memory include respective portions of a multi-application operating system.

11. A method for manufacturing a smartcard as claimed in claim 10 in which: the multi-application operating system is MULTOS, and the step of verifying the authenticity of the card is executed by means of a command in the form of CHECKDATA, the command being of the second type of application program data and stored in the modifiable portion of the memory.

12. A method for manufacturing a smartcard as claimed in claim 10, further including a step of providing personalized data to the card, which data: enables the card for use; and is executed by means of a command in the form of SET MSM CONTROLS, the command being of the second type of application program data.

13. A smartcard having a memory means, the smartcard including: a processing means; a read only portion of memory in communication with the processor; a modifiable portion of memory in communication with the processor; input and output means on the card in communication with the processor and being externally accessible; and in which program data of a first type corresponding to data which will be required throughout the card's life is stored in the read only portion of the memory and program data of a second type corresponding to data which will not be required throughout the card's life is stored in the modifiable portion of the memory such that once the second type of data has been employed, it is deleted.

14. A smartcard as claimed in claim 13 in which the second type of data is moved from a first part of the modifiable memory portion to a second part of this memory portion when it is required and deleted from the second part of the modifiable memory portion subsequent to execution.

15. A smartcard as claimed in claim 13 in which the second type of data is employed only once during the life of the smartcard.

16. A smartcard as claimed in claim 13 in which at least a portion of the smartcard's application is used only during the early stages of the card's life.

17. A smartcard as claimed in claim 16 in which the at least one portion includes card activation data which is used only once prior to the loading of any application software.

18. A smartcard as claimed in claim 16 in which the at least one portion includes personalization data.

19. A smartcard as claimed in claim 13 in which the smartcard includes a MULTOS operating system.

20. A smartcard as claimed in claim 19, in which the card is authenticated by employing a checkdata command stored in the modifiable portion of the memory means.

21. A smartcard as claimed in claim 20 in which: once the checkdata command is executed it is moved from the first portion of the modifiable memory means to a second portion of the modifiable memory means and, once the card is authenticated, that data in the second portion of the modifiable memory means is deleted.

22. A smartcard as claimed in claim 21 in which, after the smartcard is authenticated it is personalized by employing a Set MSM Controls command stored in the modifiable portion of the memory means such that when executed it is moved from the first portion of the modifiable memory means to the second portion of the modifiable memory means and, once the card is personalized, that data in the second portion of the modifiable memory means is deleted.